DETAILED ACTION

1. Claims 1, 3-10, 12-16 are presented for examination.

2. Claims 1, 7, 9, 13-14 and 16 are currently amended. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including 
the fee set forth in 37 CFR 1.17(e), was filed in this application after final 
rejection. Since this application is eligible for continued examination under 37 
CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the
finality of the previous Office action has been withdrawn pursuant to 37 CFR 
1.114. Applicant's submission filed on December 08, 2008 has been entered. 

Response to Arguments 

4. Applicant's arguments filed on December 08, 2008 have been fully 
considered but they are not persuasive because of the following reasons: 

5. Applicant argues that Win does not teach an automated
security scan of the second network device to determine at least one of a 
hardware or software capability of the network device. 

In response to applicant's arguments against the references individually, 
one cannot show nonobviousness by attacking references individually where the 
rejections are based on combinations of references. See In re Keller, 642 
F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 
USPQ 375 (Fed.Cir. 1986). 

Moreover, the examiner submits that Win does teach the feature of
performing an automated security scan of a second network device by a first 
network device to determine a capability of the second network device as shown 
in line 8, col. 8, line 23-col. 9, line 40, col. 10, line 64-col. 12. 

6. Applicant argues that Wright does not teach or suggest the feature 
of performing an automated security scan of the second network device to 
determine at least one of a hardware or software capability of the network device. 
In response to applicant's argument, the examiner submits that Wright does 
teach performing an automated security scan of the second network device to 
determine at least one of a hardware or software capability of the network device 
as shown in paragraphs [0013-0014], [00078]. 

7. In addition, the independent claims 9, 14 and 16 recite features
similar to those of claim 1 as discussed above. Therefore, the rejections of independent
claims 1, 9, 14 and 16 are sustained.

8. Applicants still have failed to identify specific claim limitations that 
would define a patentable distinction over cited prior arts. Therefore, the 
examiner asserts that cited prior art teaches or suggests the subject matter 
broadly recited in independent claims 1, 9, 14 and 16. Claims 3-8, 10, 12-13, 
and 15 are also rejected at least by virtue of their dependency on independent 
claims and by other reasons set forth in this office action below. Accordingly, 
claims 1, 3-10, 12-16 are rejected. 



Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the
basis for all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

10. Claims 1-14 are rejected under 35 U.S.C. § 103 (a) as being 
unpatentable over Win et al. (hereinafter Win) U.S. Patent No. 6,453,353, in view 
of Wright et al. (hereinafter Wright) U.S. Pub. No. 2004/0123153. 

11. As to claims 1, 14 and 16, Win teaches a method, comprising:
performing an automated security scan of a second network device by a first 
network device to determine a capability of the second network device (line 8, 
col. 8, line 23-col. 9, line 40, col. 10, line 64-col. 12); generating an attribute 
certificate for the second network device based in part on the attribute (col. 7, line
34-col. 8, line 46, col. 10, line 34-col. 11, line 9); storing the attribute certificate 
including the attribute on a device other than the second network device (col. 6, 
line 20-65, col. 10, lines 14-67); and responsive to a verified authentication 
request from the second network device for access to a resource over a network, 
determining whether the stored attribute certificate for the second network device 
is valid, where if the stored attribute certificate is determined valid, authorizing 
access to the resource over the network based, in part, on the attribute 
associated with the attribute certificate, or else denying access to the resource 
for the second network device (col. 9, line 14-col. 10, line 67, col. 11, line 43-col.
12, line 8). 

Win teaches the feature of determining an attribute for the second network 
device based on, in part, a capability of users (abstract, figure 1, col. 6, lines 58- 
65, col. 11, line 42-col. 12, line 8). However, Win does not explicitly teach
determining at least one of a hardware or software capability of the second 
network and determining an attribute based, in part, on the determined capability. 

Wright teaches the feature of determining at least one of a hardware or 
software capability of the second network ([0013-0014], [00078]) and determining 
an attribute based, in part, on the determined capability ([0066-0067], [0078]- 
[0121]). 

It would have been obvious to one of ordinary skill in the Data Processing 
art at the time the invention was made to modify the teachings of Wright into
Win to include the feature of determining at least one of a hardware or software 
capability of the second network and determining an attribute based, in part, on 
the determined capability because it would have provided different levels of 
security protection for different location and/or security features are highly 
desirable for network device. 

12. As to claim 3, Win teaches wherein the attribute is further 
determined based, in part, on a condition to be satisfied (figure 3, col. 8, lines 5- 
63). 

13. As to claim 4, Win teaches wherein the attribute is further
associated with a group of network devices (col. 13, lines 35-67). 

14. As to claim 5, Win teaches wherein the attribute is further 
associated with a group of users (col. 13, lines 35-67). 

15. As to claim 6, Win teaches, wherein the attribute certificate is 
generated by at least one of the first network device, an access server, and an 
attribute authority (figure 1).

16. As to claim 7, Win teaches wherein the attribute certificate is stored 
in an attribute repository (figure 1).

17. As to claim 8, Win teaches wherein the attribute certificate is 
provided to an access server through the use of at least one of a cookie, a 
program, and a manual upload (col. 10, line 41-col. 12, line 8).

18. As to claim 9, Win teaches an apparatus, comprising: an interface 
configured to perform an automated security scan of a network device to 
determine a capability of the network device (col. 10, line 64-col. 12, line 8, col. 8, 
line 23-col. 9, line 40, col. 10, line 34-67); a memory configured to store the 
attribute certificate including the attribute on a device other than the network 
device (col. 7, line 34-col. 8, line 46, col. 10, line 34-col. 11, line 9); responsive to 
a verified authentication request from the network device for access to a
resource over a network, the processor further configured to determine whether 
the stored attribute certificate is valid, where if the stored attribute certificate is 
determined valid, the processor is configured to authorize access to the resource 
over the network based, in part, on the attribute associated with the attribute 
certificate, or else to deny access to the resource for the network device (col. 9, 
line 14-col. 10, line 67, col. 11, line 43-col. 12, line 8).

Win teaches the processor configured to generate an attribute certificate, 
wherein the attribute certificate is based, in part, on a capability of users 
(abstract, figure 1, col. 6, lines 58-65, col. 11, line 42-col. 12, line 8). However,
Win does not explicitly teach determining at least one of a hardware or software 
capability of the network device; a processor configured to determine an attribute 
for the network device and based, in part on the determined capability; and the 
processor further configured to generate an attribute certificate for the network 
device based, in part, on the attribute. 

Wright teaches determining at least one of a hardware or software 
capability of the network device ([0013-0014], [00078]); a processor configured to 
determine an attribute for the network device and based, in part on the 
determined capability; and the processor further configured to generate an 
attribute certificate based, in part, on the attribute ([0066-0067], [0078]-[0121]). 

It would have been obvious to one of ordinary skill in the Data Processing 
art at the time the invention was made to combine the teachings of Wright into
Win to include the feature of determining an attribute based on the determined 
capability of a network device because it would have provided different levels of
security protection for different location and/or security features are highly 
desirable for network device. 

19. As to claim 10, Win teaches wherein the processor is further
configured to generate the attribute certificate based on a condition to be 
satisfied (figure 3, col. 8, lines 5-63). 

20. As to claim 12, Win teaches wherein the processor is further 
configured to generate the attribute certificate based on the automated security 
scan of the other network device (abstract, col. 5, line 55-col. 6, line 10, col. 10, 
lines 34-67). 

21. As to claim 13, Win teaches wherein the interface is further
configured to send the attribute certificate to an attribute repository to be stored 
(figure 1). 

22. As to claim 15, Win teaches wherein the means to perform an 
automated scan comprises an interface; and the means for determining, 
generating, storing, and means responsive comprises a central processing unit 
coupled to the interface and further coupled to a memory (col. 7, line 34-col. 8, 
line 46, col. 10, line 34-col. 11, line 9).

Conclusion

23. The prior art made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

24. Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Thu Ha Nguyen, whose 
telephone number is (571) 272-3989. The examiner can normally be reached
Monday through Friday from 8:30 AM to 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ario Etienne, can be reached at (571) 272-4001.

The fax phone numbers for the organization where this application or 
proceeding is assigned are (571) 273-8300 for regular communications.

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).



/THU HA T. NGUYEN/
Primary Examiner, Art Unit 2453 